E-Discovery vs Cyber Forensics?
ArabianKnight
Member Posts: 278 ■■■□□□□□□□
I have been looking into both of these tracks lately and trying to get an idea of the skillsets of both. What are the differences and similarities between the two (can one do the other's job)? As far as cyber forensics goes, I am thinking along the lines of working in a SOC or otherwise doing digital media analysis (hard drives, CDs, USB drives, etc.). I see very few jobs that only focus on just analyzing hard drives and such and for to deal with network forensics and malware in addition to. I know e-discovery has more to do with chain of custody and litigation stuff, just how much of this is part of the job? What would the typical salaries be like with, say... 3 years of digital "forensics" experience with training in the DMV area?
Comments
-
yzT Member Posts: 365 ■■■□□□□□□□
I remember reading a guide from SANS, Forensic Focus or some other forensics-related site about the difference. Basically, e-discovery is the one who gets the evidence, while forensics is the one who analyzes it.
For example, the e-discovery guy finds a suspicious file and the forensic guy analyzes the binary. E-discovery is the one who uses Autopsy and forensics is the one who uses Cuckoo, do you understand? xD
-
cshkuru Member Posts: 246 ■■■■□□□□□□
The way I understand it, e-discovery has to do with the recovery and analysis of materials that may be used as part of a court case. For example, searching, cataloging and storing all the relevant emails on a subject that are received as part of a deposition or subpoena. https://en.wikipedia.org/wiki/Electronic_discovery One of my friends worked for one of the major e-discovery vendors; the work can actually be pretty challenging, or at least he could make it sound that way.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Honestly, eDiscovery is typically more civil than criminal. Most law firms perform eDiscovery, whilst forensics is going to fall to either law enforcement agencies or incident response teams dealing with hacks.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff
-
ArabianKnight Member Posts: 278 ■■■□□□□□□□
In regards to cyber forensics working with incident response, how much of the "other" INFOSEC skills do you need? Are you a jack-of-all-trades person or do you just do forensics when something happens? I see many INFOSEC positions that list pretty much every skill imaginable working in a SOC doing forensics, but they want you to be a network engineer, sys admin, malware analyst, SIEM expert, etc...
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Honestly, I haven't been on an IR team to answer that question. But it seems to me purely forensic positions are rare and again fall in the realm of government positions. In the private sector, aside from a few companies looking specifically for a forensic person, most are looking for a jack-of-all-trades security person. Which I understand, because forensics tends to be more collateral in nature, since if there isn't an incident what else can they do? All that being said, I am positive one of the forum's members who works in IR can answer.